stackoom
  简体   繁体   中英

HttpOnly cookies on google app engine java

 原文  2010-04-15 01:50:34       java/ google-app-engine/ cookies/ httponly

Question

Anyone know how I can use httponly cookies for sessions and cookies on the app engine?

In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean) , there is a setHttpOnly method.

I get a compiler error when trying to use it when developing for app engine though.

The method was introduced in the Servlet 3.0 spec, so its pretty new.

2 answers

solution1
 3 ACCPTED  2010-04-15 01:55:01

App Engine supports the Servlet API at version 2.5, so you cannot use the setHttpOnly method.

You could try to output the cookie header yourself. 

resp.setHeader("Set-Cookie", "A=7; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net; HttpOnly");

solution2
 1  2018-04-13 20:49:50

Since 2017 GAE does support servlet API 3.1 So I've tested the following cookie option inside web.xml and it works: 

<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to delete cookies on app engine app in Java Set HttpOnly for all cookies in spark-java How to get httponly cookies from a Java client? Google App Engine Java API XSLT in Google App Engine (Java) Google App Engine, Java Frameworks? Is there a HTML templating engine for Google App Engine (in Java)? Alternatives of Google App Engine + Java Roles in Java Google App Engine Google App Engine and Java Version
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM